Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue:
Hello Opensearch Contributors,
I hope this message finds you well. I am currently working on a project that utilizes the Tinymath library for mathematical operations in JavaScript. However, I recently discovered that Tinymath has been abandoned for the past four years and contributes to CSP-related vulnerabilities in Opensearch.
As a result, I am exploring alternative libraries that are actively maintained and do not introduce any security issues. After conducting some research, I have narrowed down the list to the following options:
- BigNumber.js (GitHub - MikeMcl/bignumber.js: A JavaScript library for arbitrary-precision decimal and non-decimal arithmetic)
- Decimal.js (GitHub - MikeMcl/decimal.js: An arbitrary-precision Decimal type for JavaScript)
- Math.js (https://mathjs.org/)
- Numeral.js (http://numeraljs.com/)
Each library appears to be lightweight and offers different features, but I would like to seek the community’s input on which option might be the most suitable for use in Opensearch.
Please share your thoughts, experiences, and any recommendations you might have regarding these libraries or other potential alternatives. Your valuable insights will help me make an informed decision and contribute to enhancing the security and performance of Opensearch…